Total
43896 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | ||||
| CVE-2020-25343 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields['body'] param via events\event.publish_article.php | ||||
| CVE-2020-25288 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. | ||||
| CVE-2020-25272 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 6.1 Medium |
| In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | ||||
| CVE-2020-25271 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | ||||
| CVE-2020-25270 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | ||||
| CVE-2020-25267 | 1 Ilias | 1 Ilias | 2024-11-21 | 5.4 Medium |
| An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | ||||
| CVE-2020-25205 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2024-11-21 | 6.1 Medium |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions. | ||||
| CVE-2020-25148 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php. | ||||
| CVE-2020-25146 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule. | ||||
| CVE-2020-25141 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI. | ||||
| CVE-2020-25140 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php. | ||||
| CVE-2020-25139 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php. | ||||
| CVE-2020-25138 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php. | ||||
| CVE-2020-25137 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI. | ||||
| CVE-2020-25135 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI. | ||||
| CVE-2020-25131 | 1 Observium | 1 Observium | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI. | ||||
| CVE-2020-25124 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.8 Medium |
| The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI. | ||||
| CVE-2020-25123 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.8 Medium |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager. | ||||
| CVE-2020-25122 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.8 Medium |
| The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager. | ||||